Apple

While looking for ways of speeding up the performance of the upcoming Firefox 3 browser, developer Vladimir Vukicevic said this week that he came across dozens of secret tweaks built into WebKit - the software at the core of Apple’s own Safari browser. Separately, security researchers said this week they have found a way of locally bypassing the security of Mac OS X’s Keychain password system.

Vukicevic was able to use a publicly documented technique to get the efficiency gain he wanted, but noticed that WebKit has its own, undocumented way of getting around the problem. “Apparently, there is a way to do this programatically, along with some other interesting things like enabling window update display throttling - but only if you’re Apple,” he wrote in a blog post .

“All these WebKit methods are undocumented, and they appear in binary blobs shipped along with the WebKit source.” He said there are more than 100 such undocumented techniques in the WebKit library. “Would any other apps like to take advantage of some of that functionality? I’m pretty sure the answer there is yes, but they can’t,” he wrote. Safari is based on open source software, but the concealments are a demonstration that that Apple isn’t fully committed ot open source, Vukicevic argued.

“Despite my frustrations with Linux, this type of hiding isn’t really possible in a real open source environment,” he wrote. “I don’t think this is malicious, it’s just an unfortunate cutting of corners that is way too easy for a company that’s not fully open to do.” David Hyatt, a WebKit developer, responded that the undocumented parts of Safari are kept hidden for a reason. “Many of the private methods that WebKit uses are private for a reason.